The FortiGuard Labs report highlights the rise of the Lynx ransomware, detailing its mechanisms, impact on Microsoft Windows systems, and protective measures offered by Fortinet. Lynx ransomwares encrypt victims’ files, demand ransom, and have affected numerous organizations across various sectors, predominantly in the U.S. Affected: Microsoft Windows, Manufacturing, Construction, Healthcare, Energy
Keypoints :
- Lynx ransomware first appeared publicly in July 2024.
- Lynx is similar to the older INC ransomware, which is believed to be its predecessor.
- Both Lynx and INC encrypt files on Windows machines and change the desktop wallpaper to display ransom notes.
- Lynx offers advanced control features compared to its predecessor, INC.
- The ransomware avoids encrypting certain critical folders and file types.
- It targets businesses globally, with the majority of victims located in the United States.
- The manufacturing sector is the most affected, followed by construction.
- Fortinet solutions, including FortiGuard Antivirus, detect and block Lynx ransomware.
- Best practices include not paying ransoms and maintaining updated security measures.
MITRE Techniques :
- TA0001 – Initial Access: Infection vector is not specified but aligns with common ransomware methodologies.
- T1486 – Data Encrypted for Impact: The Lynx ransomware encrypts files and demands ransom for decryption.
- T1499 – Network Share Discovery: The ransomware can encrypt network shares using the ‘–encrypt-network’ option.
- T1490 – Inhibit System Recovery: Lynx deletes shadow copies and uses various methods to access and encrypt files.
- T1562.001 – Disable or Restrict System Recovery: Lynx empties the recycle bin and avoids encrypting specific critical files.
Indicator of Compromise :
- SHA2 eaa0e773eb593b0046452f420b6db8a47178c09e6db0fa68f6a2d42c3f48e3bc
- SHA2 31de5a766dca4eaae7b69f807ec06ae14d2ac48100e06a30e17cc9acccfd5193
- SHA2 3e68e5742f998c5ba34c2130b2d89ca2a6c048feb6474bc81ff000e1eaed044e
- SHA2 432f549e9a2a76237133e9fe9b11fbb3d1a7e09904db5ccace29918e948529c6
- SHA2 4e5b9ab271a1409be300e5f3fd90f934f317116f30b40eddc82a4dfd18366412
Full Story: https://feeds.fortinet.com/~/912974009/0/fortinet/blog/threat-research~Ransomware-Roundup-%e2%80%93-Lynx